Global Mapping of Cyber Security Threats: Actual and Perceived

Abstract

The project team (led by Prof. Kathleen Carley), aims to collect & analyze data, and develop theories related to the strategic use of cyhc1-t1Uncks. It will use data from multiple sources to create a scientific understanding of global cyber-threat, that is which countries are purportedly attacking which, through empirically characterizing the nature of the current threat environment and testing a series of hypotheses. Economic, social, political and adversarial relations are used to explain cyber attack behavior. Cyber attack behavior is characterized using data from Symantec, Hackmageddon and Arbor. Economic information is drawn from the World Bank, social and political information from Twitter and GDelt, and Adversarial data from Correlates of War. Three key questions will be addressed: 1) Do the perceptions about cyber attacks match the reality? 2) Are economic and politically motivated attacks different in nature? 3) Do political interventions, such as changes in policy, effect changes in the cyber-attack landscape? Several subtasks have been proposed: 1) Collect attack data from multiple sources and clean it. 2) Statistically analyze differences Jn attacks to understand the distribution and structure of these attacks. In particular, attention will be paid to difference in attacks on corporate-vs-government entities, and that are motivated economically or politically. 3) Collect perception data. Download Twitter data, analyze tweets by country using geographic indicators, and remove any tweets from Bots. Download news data from GDELT. Clean the data and use it to assess sentiment about country B by country A, sentiment toward attacks, and perception of attacks. Statistically analyze relation of these perceptions to the actual attacks. 4) Conduct a longitudinal study at the global and actor level, in conjunction with a network study. 5) Conduct a multi-indicator analysis to separate attacks by potential motive. 6) Conduct an intervention analysis to see how changes in policy impact attacks and the perception of attacks. 7) Based on these analyses, develop a causal theory and model regarding the basis for attacks and the perception about attacks. In addressing whether the perceptions match the reality, we will conduct a longitudinal study examining how trends in perception and attacks change. Thus we will consider not only whether awareness of attacks, but also the "anger" about attacks increases or decreases as the attack levels change. In addressing the motivation for attacks we will address a number of questions. a. Are different logics needed to explain cyber attacks on corporate and government sites? For example, is a logic of economic gain the dominant predictor of attacks on corporate sites and political hostility of attacks on government sites? h. Does this logic change by the size of the attack, or by other attack features? c. Does this logic change by the GDP of the country being attacked or attacking? We expect to do an overall global assessment, and then a deeper assessment of the attacks between NATO countries and Russia in contrast to those between NATO countries and China. Finally, we will consider the impact of US policy interventions, both on changes in the number of attacks and the perception, but also as to whether the impact of these interventions depends on the motivation. To orient this particular analysis we will do a deep dive into the attacks between the US and China, and US and Russia.

Document Details

Document Type

DoD Grant Award

Publication Date

Jan 12, 2017

Source ID

W911NF1610049

Entities

Tags